|
The four-step Red Cell Security Program has for goal to gradually
and systematically increase your security posture by alternating
assessments, remediation and training. The four steps are:
1. Vulnerability Assessment: this allows us to get a quick
snapshot of your organization's current security posture. It is
a starting point on which to build. Note that this step includes
both identifying vulnerabilities and proper remediation according
to industry best practices.
2. IT Staff Training. Once the VA has taken place, not only
are we able to assess your network, but also potentially what your
internal IT staff needs to focus on in order to become Security
Defenders. At this stage, we can either select Certification Classes
such as the CEH or Security+, or we can develop custom InfoSec training.
Hackers never stop learning - and neither should we.
3. Ethical Social Engineering Assessment: technical security
controls are required in order to present a strong defense in depth
against hacking attacks. However, hackers will proceed to the next
vulnerability in line, namely your users. An Ethical Social Engineering
Assessment is carried out by attempting to trick employees into
displaying contra-policy behavior such as disclosing confidential
information. In our experience, 25 to 50% of untrained employees
who are subjected to a Social Engineering attack give out information
within the first 30 minutes of the engagement!
4. Employee Security Awareness Training: this should take
place at least once a year, and be augmented by weekly Security
Awareness campaigns. Employees must understand that they have a
crucial role to play when it comes to securing information, and
that they are a de facto target of hackers. Proper training will
help them identify attacks, and respond adequately according to
the organization's security policy.
This program can be divided into one step per quarter, although
it is recommended that steps 3 & 4 take place shortly one after
the other.
Don't hesitate to contact
us today for a quote.
|
